This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-vanilla_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 10:46:21 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a5830ee10014f721a14281d1cff0656a561de391 * md5sum 1af9aed8a3077b2e00c1fb2a3aa22857 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXm52AAoJEIXCXpWhbrlNxhMIALWTMClADiDoKAlHw51omgoY /Ahhh0qcZMFUkIQMY4c77fPM22w1mMSPu+p0lwCq5x366ndHacYyM1vbzEbJj45h TMDaLTrOvrahJrE7zczO2BrSHmEjISZD/gCoTfIusWwvITtWrKNr+9P9H6Hij8df Ns9vGZpmXsWKtuUB1pPLcjFA5ZWDukM/n3JT5lEtCJr4IUCrsQ32n3GDYid9hnOQ q9TAwc+rxId/9NanNWl9hJrjWp8nJQv80prNv8nn7XDyRxiCPTq6G4mFuuAFAwvc m+rg2dqzQ+rQxYtJ9QjGCXgN3W6xs4YrMAgCbavK2YLfIzTFS4+PIQEpISkNSHM= =Pol+ -----END PGP SIGNATURE-----